<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class OAuth extends CI_Controller {

    public function __construct()
    {
        // Constructor to auto-load HybridAuthLib
        parent::__construct();
        $this->load->library('HybridAuthLib');
    }

    public function index()
    {
        // Send to the view all permitted services as a user profile if authenticated
        $data['providers'] = $this->hybridauthlib->getProviders();
        foreach($data['providers'] as $provider=>$d) {
            if ($d['connected'] == 1) {
                $data['providers'][$provider]['user_profile'] = $this->hybridauthlib->authenticate($provider)->getUserProfile();
            }
        }
        $this->load->view('oauth/home', $data);
    }

    public function login($provider)
    {
        if($provider == 'Twitter' OR $provider == 'twitter' OR $provider == 'Facebook' OR $provider == 'facebook' OR $provider == 'Google' OR $provider == 'google'){            

            log_message('debug', "controllers.OAuth.login($provider) called");

            try
            {
                log_message('debug', 'controllers.OAuth.login: loading HybridAuthLib');


                if ($this->hybridauthlib->providerEnabled($provider))
                {
                    log_message('debug', "controllers.OAuth.login: service $provider enabled, trying to authenticate.");
                    $service = $this->hybridauthlib->authenticate($provider);

                    if ($service->isUserConnected())
                    {
                        log_message('debug', 'controller.OAuth.login: user authenticated.');
                        $user_profile = $service->getUserProfile();
                        $data['user_profile'] = $user_profile;
                        $identifier     = $user_profile->identifier;
                        $first_name     = $user_profile->firstName;
                        $last_name      = $user_profile->lastName;
                        $photo_url      = $user_profile->photoURL;

                        if($provider === 'Twitter'){
                            $provider_column = 'twitter_id';
                        }elseif($provider === 'Facebook'){
                            $provider_column = 'facebook_id';
                        }elseif($provider === 'Google'){
                            $provider_column = 'google_id';
                        }

                        // check if this user is already registered
                        if(!$this->ion_auth_model->oauth_id_check($provider_column, $identifier)){

                            if($this->ion_auth_model->oauth_register($provider_column, $identifier, array('nickname' => $first_name . ' ' . $last_name))){                                
                                
                                //simpan routes member
                                $this->load->helper('routes');
                                save_member_routes();
            
                                $this->ion_auth_model->oauth_login($provider_column, $identifier, $photo_url, 0);
                            }
                            
                        }else{
                            $this->ion_auth_model->oauth_login($provider_column, $identifier, $photo_url, 0);
                        }

                        //mengambil url sebelum ke halaman login (kecuali halaman logout)
                        if (isset($_REQUEST['redirurl']) && $_REQUEST['redirurl'] != site_url('logout')) {
                            $url = $_REQUEST['redirurl'];
                        } else {
                            if (!$this->ion_auth->in_group(array($this->config->item('super_admin_group', 'ion_auth'), $this->config->item('admin_group', 'ion_auth')))) {
                                $url = user_profile_url();
                            } else {
                                $url = site_url('admin');
                            }
                        }

                        //dikembalikan ke halaman sebelum mengakses halaman login
                        redirect($url, 'refresh');
                    }
                    else // Cannot authenticate user
                        {
                        show_error('Cannot authenticate user');
                    }
                }
                else // This service is not enabled.
                    {
                    log_message('error', 'controllers.OAuth.login: This provider is not enabled ('.$provider.')');
                    show_404($_SERVER['REQUEST_URI']);
                }
            }
            catch(Exception $e)
            {
                $error = 'Unexpected error';
                switch($e->getCode())
                {
                case 0 : $error = 'Unspecified error.'; break;
                case 1 : $error = 'HybridAuth configuration error.'; break;
                case 2 : $error = 'Provider not properly configured.'; break;
                case 3 : $error = 'Unknown or disabled provider.'; break;
                case 4 : $error = 'Missing provider application credentials.'; break;
                case 5 : log_message('debug', 'controllers.OAuth.login: Authentification failed. The user has canceled the authentication or the provider refused the connection.');
                    //redirect();
                    if (isset($service))
                    {
                        log_message('debug', 'controllers.OAuth.login: logging out from service.');
                        $service->logout();
                    }
                    show_error('User has cancelled the authentication or the provider refused the connection.');
                    break;
                case 6 : $error = 'User profile request failed. Most likely the user is not connected to the provider and he should to authenticate again.';
                    break;
                case 7 : $error = 'User not connected to the provider.';
                    break;
                }

                if (isset($service))
                {
                    $service->logout();
                }

                log_message('error', 'controllers.OAuth.login: '.$error);
                show_error('Error authenticating user.');
            }
        }else{
            //jika bukan tw, fb atau google
            show_error('Cannot authenticate user');
        }
    }

    public function logout($provider = "")
    {

        log_message('debug', "controllers.OAuth.logout($provider) called");

        try
        {
            if ($provider == "") {

                log_message('debug', "controllers.OAuth.logout() called, no provider specified. Logging out of all services.");
                $data['service'] = "all";
                $this->hybridauthlib->logoutAllProviders();
            } else {
                if ($this->hybridauthlib->providerEnabled($provider)) {
                    log_message('debug', "controllers.OAuth.logout: service $provider enabled, trying to check if user is authenticated.");
                    $service = $this->hybridauthlib->authenticate($provider);

                    if ($service->isUserConnected()) {
                        log_message('debug', 'controller.OAuth.logout: user is authenticated, logging out.');
                        $service->logout();
                        $data['service'] = $provider;
                    } else { // Cannot authenticate user
                        show_error('User not authenticated, success.');
                        $data['service'] = $provider;
                    }

                } else { // This service is not enabled.

                    log_message('error', 'controllers.OAuth.login: This provider is not enabled ('.$provider.')');
                    show_404($_SERVER['REQUEST_URI']);
                }
            }
            // Redirect back to the main page. We're done with logout
            // redirect('OAuth/', 'refresh');

        }
        catch(Exception $e)
        {
            $error = 'Unexpected error';
            switch($e->getCode())
            {
            case 0 : $error = 'Unspecified error.'; break;
            case 1 : $error = 'Hybriauth configuration error.'; break;
            case 2 : $error = 'Provider not properly configured.'; break;
            case 3 : $error = 'Unknown or disabled provider.'; break;
            case 4 : $error = 'Missing provider application credentials.'; break;
            case 5 : log_message('debug', 'controllers.OAuth.login: Authentification failed. The user has canceled the authentication or the provider refused the connection.');
                //redirect();
                if (isset($service))
                {
                    log_message('debug', 'controllers.OAuth.login: logging out from service.');
                    $service->logout();
                }
                show_error('User has cancelled the authentication or the provider refused the connection.');
                break;
            case 6 : $error = 'User profile request failed. Most likely the user is not connected to the provider and he should to authenticate again.';
                break;
            case 7 : $error = 'User not connected to the provider.';
                break;
            }

            if (isset($service))
            {
                $service->logout();
            }

            log_message('error', 'controllers.OAuth.login: '.$error);
            show_error('Error authenticating user.');
        }
    }

    // Little json api and variable output testing function. Make it easy with JS to verify a session.  ;)
    /*public function status($provider = "")
    {
        try
        {
            if ($provider == "") {
                log_message('debug', "controllers.OAuth.status($provider) called, no provider specified. Providing details on all connected services.");
                $connected = $this->hybridauthlib->getConnectedProviders();

                if (count($connected) == 0) {
                    $data['status'] = "User not authenticated.";
                } else {
                    $connected = $this->hybridauthlib->getConnectedProviders();
                    foreach($connected as $provider) {
                        if ($this->hybridauthlib->providerEnabled($provider)) {
                            log_message('debug', "controllers.OAuth.status: service $provider enabled, trying to check if user is authenticated.");
                            $service = $this->hybridauthlib->authenticate($provider);
                            if ($service->isUserConnected()) {
                                log_message('debug', 'controller.OAuth.status: user is authenticated to $provider, providing profile.');
                                $data['status'][$provider] = (array)$this->hybridauthlib->getAdapter($provider)->getUserProfile();
                            } else { // Cannot authenticate user
                                $data['status'][$provider] = "User not authenticated.";
                            }
                        } else { // This service is not enabled.
                            log_message('error', 'controllers.OAuth.status: This provider is not enabled ('.$provider.')');
                            $data['status'][$provider] = "provider not enabled.";
                        }
                    }
                }
            } else {
                if ($this->hybridauthlib->providerEnabled($provider)) {
                    log_message('debug', "controllers.OAuth.status: service $provider enabled, trying to check if user is authenticated.");
                    $service = $this->hybridauthlib->authenticate($provider);
                    if ($service->isUserConnected()) {
                        log_message('debug', 'controller.OAuth.status: user is authenticated to $provider, providing profile.');
                        $data['status'][$provider] = (array)$this->hybridauthlib->getAdapter($provider)->getUserProfile();
                    } else { // Cannot authenticate user
                        $data['status'] = "User not authenticated.";
                    }
                } else { // This service is not enabled.
                    log_message('error', 'controllers.OAuth.status: This provider is not enabled ('.$provider.')');
                    $data['status'] = "provider not enabled.";
                }
            }
            $this->load->view('OAuth/status', $data);
        }
        catch(Exception $e)
        {
            $error = 'Unexpected error';
            switch($e->getCode())
            {
            case 0 : $error = 'Unspecified error.'; break;
            case 1 : $error = 'Hybriauth configuration error.'; break;
            case 2 : $error = 'Provider not properly configured.'; break;
            case 3 : $error = 'Unknown or disabled provider.'; break;
            case 4 : $error = 'Missing provider application credentials.'; break;
            case 5 : log_message('debug', 'controllers.OAuth.login: Authentification failed. The user has canceled the authentication or the provider refused the connection.');
                //redirect();
                if (isset($service))
                {
                    log_message('debug', 'controllers.OAuth.login: logging out from service.');
                    $service->logout();
                }
                show_error('User has cancelled the authentication or the provider refused the connection.');
                break;
            case 6 : $error = 'User profile request failed. Most likely the user is not connected to the provider and he should to authenticate again.';
                break;
            case 7 : $error = 'User not connected to the provider.';
                break;
            }

            if (isset($service))
            {
                $service->logout();
            }

            log_message('error', 'controllers.OAuth.login: '.$error);
            show_error('Error authenticating user.');
        }
    }*/

    public function endpoint()
    {

        log_message('debug', 'controllers.OAuth.endpoint called.');
        log_message('info', 'controllers.OAuth.endpoint: $_REQUEST: '.print_r($_REQUEST, TRUE));

        if ($_SERVER['REQUEST_METHOD'] === 'GET')
        {
            log_message('debug', 'controllers.OAuth.endpoint: the request method is GET, copying REQUEST array into GET array.');
            $_GET = $_REQUEST;
        }

        log_message('debug', 'controllers.OAuth.endpoint: loading the original HybridAuth endpoint script.');
        require_once APPPATH.'/third_party/hybridauth/index.php';

    }

}

/* End of file OAuth.php */
/* Location: ./application/controllers/OAuth.php */
